FROM THE EDITOR | JOHN DIX

Data  center  surprises 

It  isn’t  surprising  that  virtualization  topped  the  list  of 
technologies  expected  to  have  the  biggest  impact  on  data 
center  investments  over  the  next  two  years,  according  to  a 
new  Network  World  study,  but  the  survey  turned  up  some 
surprises  as  well. 

One  surprise:  The  376  respondents  reported 
a  healthy  average  ratio  of  opex  to  capex  data 
center  spending:  53%  to  47%,  respectively.  That  shows 
companies  have  been  successful  in  implementing 
technologies  that  require  less  care  and  feeding,  freeing 
more  money  up  for  investment  in  innovation,  a  marked 
departure  from  the  80/20  opex  to  capex  ratio  so  often 
cited  in  this  business. 

Less surprising is the fact that three flavors of virtualization were cited as big-boom items. Almost half the respondents said server virtualization will have the biggest impact on data center investments over the next two years, showing the headroom left with this technology, followed by storage virtualization (cited by 40%) and desktop virtualization (35%).

What about cloud? Some 31% believe private cloud technology will have a significant impact on data center spending over the next two years, followed by hybrid cloud at 25% and public cloud at 19%.

Asked  about  the  need  to  migrate  to  flatter  networks  or  network  fabrics  to 
contend  with  the  shift  to  virtual  resources,  26%  of  the  respondents  said  they  aren’t 
sure  the  need  is  real.  A  larger  group,  however,  sees  the  writing  on  the  wall:  20% 
said  it  is  real  and  they  will  evaluate  the  technology  this  year;  23%  said  it  is  real  but 
they  are  a  year  away  from  the  need  to  evaluate  further;  and  18%  said  it  is  real  but 
they  are  more  than  two  years  away  from  evaluation.  A  final  12%  don’t  foresee  the 
need  to  change  anything. 

Asked  how  their  data  center  strategy  is  affecting  resource  utilization  rates,  60% 
said  they  are  driving  that  up,  which  perhaps  explains  some  of  the  shift  in  opex  to 
capex  monies.  But  some  ancillary  results  were  less  intuitive. 

For example, even with big investments in virtualization, 40% of the respondents said the device count in their data centers is increasing, while only 28% are seeing decreases (and 18% report no change and the rest weren’t sure). And 29% see vendor counts increasing, despite years of effort to turn that around. Only 23% have managed to reduce vendor count (39% report no change).

What’s more, even as companies have strived to reduce the number of applications they manage, 52% of the respondents report application counts growing. Only 10% report declines, while 31% are treading water.

Big picture: It would appear that gains from virtualization have lessened the need to simplify environments by reducing device, vendor and application count.

Breaches, exploits inevitable

THE COUNCIL’S REPORT should be a wake-up call to all organizations. Every business and government body has valuable data, and to assume that threats are being contained at the perimeter is no longer realistic. Now the only way to combat the threats — which increasingly pursue targets of choice — is to assume an environment of what Forrester calls “zero trust.” Forrester’s call for network analysis and visibility (NAV) solutions echoes the council’s own call for better analysis and visibility (Re: “Advanced persistent threats force IT to rethink security priorities”; tinyurl.com/3rsevvf).

But  the  first  step  is  coming  to  terms 
with  the  sea  change  that  breaches  and 
exploits  are  inevitable,  and  it’s  how  (and 
how  quickly)  they’re  handled  that  matters. 

Michael_Applebaum 

Who  wants  a  printed  sandwich? 

DESPITE VERY PROBABLE penetration of the technologies mentioned in daily life, I don’t think there is a real demand for anything but energy and healthcare technology (Re: “10 technologies that will change the world in the next 10 years”; tinyurl.com/6ck7xee). There is not much fun in artificial objects, and people will always prefer handmade and organic objects that provide a more complex experience. The technology will have to be incorporated into objects to assimilate with natural tissue and have maximum ease of use. Talkative toasters will stay in sci-fi movies, hopefully.

Anon 

Freedom  and  technology 

FREEDOM HAS ITS pitfalls, primarily that it allows people to make bad choices as well as good ones. When one’s head is turned by greed, laziness, fanaticism and fashion, the right choice is often hard to properly identify. For those who are lazy but talented in software authoring, the bad choice is to write malware and exploit others’ vulnerabilities, rather than acting like a human being and standing on one’s own actions (Re: “Android Trojan records phone calls”; tinyurl.com/3kvrovt).


Freedom  and  technology,  when  used 
responsibly,  result  in  huge  benefit;  when 
misused,  they  result  in  anarchy  and 
destruction.  Those  of  us  who  chose  to 
be  responsible  will  always  be  plagued 
by  those  who  choose  to  be  irresponsible. 
That  does  not  make  freedom  bad,  but  it 
does  make  freedom  hard. 

Anon 

Sprint  missteps 

SPRINT WAS STARTED by a railroad (SPR in Sprint stands for Southern Pacific Railway), that decided to use the microwave communication towers along railroad rights-of-way to provide long-distance telephone service as an alternative to AT&T. It made a smart move in the early ’80s to install fiber-optic cable along these same rights-of-way, and became the carrier with the best network in the U.S. From there, it has made one bad decision after another, and each one resulted in loss of market share and customers (Re: “Can Sprint realistically support both LTE and WiMax?” tinyurl.com/3npn9rr).

Ultimately, I think it’s in Sprint’s best interest to be acquired by a consortium of cable TV providers, which can build a nationwide network providing three to four tiers of services (TV, telephone, Internet, monitoring) via local broadband connections, and also own the backhaul facilities for wireless, manage Internet peering arrangements, manage VoIP to landline gateways. Sprint ultimately can’t make it on its own.

RB 

Needs  more 

THIS ARTICLE IS really only half complete without proper mentions of the onslaught of Android as well (Re: “Timeline: RIM’s rapid decline”; tinyurl.com/3zzhgb2). A single mention of the OG Droid hardly expresses the rapid success of the platform. Apple definitely started it all, but it has been the one-two punch from both platforms that have beaten RIM down so badly. Meanwhile Windows is in the background putting the gloves on and about to step in the ring as well.

ChrisFricke 


New Fed CIO

FORMER MICROSOFT EXECUTIVE Steven VanRoekel is set to become the nation’s second federal CIO, replacing outgoing CIO Vivek Kundra, who is taking a fellowship at Harvard. VanRoekel left his post as senior director of Microsoft’s Windows Server and Tools Division in 2009 after 15 years at the firm to become managing director of the FCC. The White House announcement gave no hint about whether VanRoekel will make any changes in IT direction or steer away from Kundra’s 25 point plan for IT, which includes closing 800 federal data centers by 2015. tinyurl.com/3re7jvg

Microsoft resists bug-bounty approach

MICROSOFT LAUNCHED a $250,000 contest for researchers who develop defensive security technologies that deal with entire classes of exploits. The BlueHat Prize will award $200,000 to the first-place winner, $50,000 for second place, and a subscription to Microsoft’s developer network as the third-place award. Microsoft said it considered but ultimately rejected the idea of a bug bounty program in favor of the competition, which is an effort to tap researchers’ brains for something bigger than a vulnerability here, a bug there. “We want to make it more costly and difficult for criminals to exploit vulnerabilities,” said Katie Moussouris, a senior security strategist lead at Microsoft. “We want to inspire researchers to focus their expertise on defensive security technologies.” tinyurl.com/3fgzxp8

Data centers not so power-hungry after all?

DATA CENTERS have been using less electricity than expected — but it’s not because of snazzy energy-efficient gear. According to a study by Jonathan Koomey, a consulting professor at Stanford and a climate and energy researcher, data center energy use in the last five years rose only about 56% vs. doubling in the period between 2000 and 2005. And in the U.S., it rose only 36%, which is significantly lower than predicted by the EPA’s 2007 report to Congress on data centers. The Koomey report attributes the lower usage to a lower-than-predicted growth in the server base rather than energy-efficiency improvements.

Growth in the installed base of servers had already begun to slow by early 2007 because of virtualization and other factors. And the 2008 recession, combined with further improvements in virtualization, led to a significant reduction in actual server installed base when compared with a forecast published in 2007 by IDC. tinyurl.com/3efgltj

Skills that hiring managers want now

A HANDFUL of up-and-coming tech skills are catching the attention of IT hiring managers, says Dice.com, which analyzed the keywords that show up in employers’ resume database searches. Topping the list is iRise, which makes a simulation platform that allows companies to test-drive business software before getting too far into the development process. Next is an old-school term: COTS, or commercial off-the-shelf software.

If job seekers have developed software for a commercial software maker, it might not occur to them to include the term “COTS” on their resumes, yet that’s something employers are looking for. Rounding out the top five emerging search terms are Crystal SDK, PeopleSoft Security and NetApp. tinyurl.com/3laxfbp

PARITY BITS

Third quarter sales of Apple iPads, $940 million more than the company made selling all flavors of Macs.

IT VIDEO

Japanese robot can lift elderly hospital patients

A look at “RIBA-II,” a robot designed to help with the tough task of lifting patients from their futon mattress into a wheelchair. tinyurl.com/3dtvoqn

EBay goes for flash storage

WHEN ONLINE auction site eBay had problems meeting the I/O storage demands of business units starved for more virtual machine (VM) deployments, its quality assurance division swapped out hard disk-based arrays with solid-state drive (SSD) storage. After replacing 100TB of storage with modular SSD arrays from Nimbus Data Systems, eBay saw a 50% reduction in standard storage rack space, a 78% drop in power consumption and a five-fold boost in I/O performance. That speed boost now allows eBay to bring a new VM online in five minutes, compared to 45 minutes previously. Today, the company has 12 SSD arrays with capacity that rivals the amount of traditional hard drive storage used, according to Michael Craft, eBay’s manager of QA Systems Administration. “One rack [of SSD storage] is equal to eight or nine racks of something else,” Craft said. tinyurl.com/3wbof7p


Black Hat: Lots of hacks and a patriotic plea


BY TIM GREENE

LAS VEGAS — Black Hat didn’t disappoint this year, with research revealing a flaw that undercuts OSPF routing, two separate assertions that security for Apple products in the enterprise isn’t that bad and a friendly hand being offered to hackers and crackers to join the U.S. fight against terrorists in cyberspace.

Perhaps  the  biggest  blockbuster,  because  of 
the  sheer  scope  of  the  potential  problem,  is  the 
vulnerability  an  Israeli  researcher  found  in 
the  Open  Shortest  Path  First  (OSPF)  routing 
protocol  that  puts  networks  using  it  at  risk  of 
attacks  that  compromise  data  streams,  falsify 
network  topography  and  create  crippling 
router  loops. 

OSPF  is  the  most  popular  routing  protocol 
used  within  the  roughly  35,000  autonomous 
systems  into  which  the  Internet  is  divided. 
Typically  large  corporations,  universities 
and  ISPs  run  autonomous  systems. 

The only remedies are using another protocol such as RIP or IS-IS or changing OSPF to close the vulnerability, says Gabi Nakibly, a researcher at Israel’s Electronic Warfare Research and Simulation Center, who discovered the problem.

Nakibly says he has carried out an exploit against the vulnerability on a Cisco 7200 router running software version IOS 15.0(1)M, but it would be equally effective against any router that is compliant with the OSPF specification.

Meanwhile,  researchers  took  a  look  at 
Apple’s  OS  X  operating  system  for  desktops 
and  laptops  and  its  iOS  operating  system  for 
mobile  devices  to  see  whether  they  are  more 
or  less  vulnerable  than  Microsoft  products. 

The conclusion of Alex Stamos, who led a team of researchers from iSec Partners that researched the OS X and Windows 7 operating systems, is that Apple does pretty well, but Microsoft wins. While earlier versions of Apple’s software were more vulnerable to initial exploitation than Windows 7, the latest version, known as Lion, makes up ground.

Escalating privileges remains a problem on both operating systems, Stamos says, with OS X having more potential soft spots than Windows 7. But when it comes to network vulnerabilities, Apple is the loser. “OS X networks are significantly more vulnerable to network privilege escalation,” he says. “Almost every OS X server service offers weak or broken authentication mechanisms.”

Stamos  says  enterprises  should  run  Apple 
OS  X  products  in  isolated  islands  within 
networks. 




On the mobile side, independent researcher Dino Dai Zovi says iOS does a good job running applications in a sandbox that rogue applications would have to escape to do damage. The operating system has a dynamic signing feature for applications in which the device itself has to approve applications before running them, not just accepting the Apple certificate that says they are approved.

He says BlackBerries have better data protection than iOS, but that they lack a sandbox for running applications. He says Google’s Android mobile operating system is more vulnerable than iOS. Android is about as secure as a jailbroken iPhone that has lost many of its security features, he says.

Celebrating  its  15th  anniversary,  Black  Hat 
this  year  went  beyond  technical  hacking  and 
entered  the  realm  of  politics  and  patriotism 
with  its  choice  of  keynote  speaker  Cofer  Black, 
former  counterterrorism  chief  at  the  CIA, 
who  called  on  attendees  to  consider  joining 
government  anti-cyberterrorism  programs. 

“My  world  of  terrorism  has  gone,”  says 
Black,  now  retired  after  28  years  in  the  CIA. 
“Now  it’s  your  turn.” 

Stuxnet has forever changed the face of terrorism and the consequences of cyberattacks, Black says. The sophisticated worm that took over control mechanisms for centrifuges in Iran’s nuclear refinery and wore them out, had the impact of a physical assault.

“Stuxnet is the Rubicon of our future,” he says. “What had been college pranks cubed and squared has now changed into physical destruction of a national resource. This is huge.”

Black  says  budding  cyber-counterterrorists 
must  be  ready  to  encounter  decision-makers 
being  unprepared  to  accept  that  cyberattacks 
are  the  coming  wave. 

He  says  that  leading  up  to  9/11,  his  CIA 
group  knew  a  large-scale  attack  was  coming, 
but  not  exactly  when  or  where.  The  group  had 
trouble  convincing  the  Bush  administration 
of  its  urgency,  he  says,  until  the  World  Trade 
Center  fell. 

Black Hat offered a glimpse of the potential power of facial recognition combined with social network data mining to reveal personal information about individuals based solely on a photo of them. The technique calls for linking faces of random individuals to images in databases that contain other information about them and using that information to project Social Security numbers, says Alessandro Acquisti, a professor at Carnegie Mellon University, who presented the research.

He  admits  the  method  is  far  from  foolproof, 
but  that  the  individual  pieces  of  technology 
are  developing  rapidly  and  could  be  ready 
for  use  in  the  real  world  in  the  foreseeable 
future.  He  is  working  on  projections  of  how 
long  it  will  take  for  the  technologies  involved 
to  develop  to  the  point  of  being  reliable. 

The  point,  Acquisti  says,  is  to  show  that  a 
framework  of  digital  surveillance  that  can  go 
from  a  person’s  image  to  personal  data  exists 
today  and  will  only  get  better  as  technologies 
improve,  making  privacy  more  scarce. 

Another frightening presentation showed how simple it is to hack devices connected to phone networks, with the most dangerous implication being potential attacks against the control systems in utility networks, power grids and industrial manufacturing plants.

Don Bailey, a consultant with iSec Partners, demonstrated compromising a car alarm via vulnerabilities in phone networks, but made the point that the technique works equally well against Supervisory Control and Data Acquisition (SCADA) systems used in critical infrastructure.

The  implications  are  severe  enough  that  he 
briefed  the  Department  of  Homeland  Security 
about  the  problem,  and  he  says  the  department 
is  following  up  with  vendors  of  vulnerable  gear 
as  well  as  owners  of  the  critical  infrastructure 
that  might  be  at  risk  as  a  result. 

By following clues in owner’s manuals or with some reverse engineering of hardware, they were able to send control messages to individual devices. He says they compromised the car alarm in about two hours.

iPads power productivity gains at MicroStrategy

Early  IT  support  for  Apple  iPads  creates  secure  access,  secure  data 


BY JOHN COX

SOFTWARE VENDOR MicroStrategy has realized that 2,300 corporate iPads create a time machine. Employees now have instant access, via Wi-Fi or 3G, to the company’s real-time business data and processes.

“It’s a very powerful device for business productivity, because of the way in which they now can ‘capture time’ during the day to do work,” says Dan Kerzner, senior vice president for mobile at the $454 million company. MicroStrategy traditionally has sold a range of business intelligence applications linked to backend databases; the company is repositioning itself with tools that let customers create mobile business intelligence apps, especially for touch devices running Apple’s iOS firmware.

“The iPad is the ultimate information consumption device,” Kerzner says. “It’s got a giant screen compared to a smartphone, and a form factor that lets you deliver software to it, and take it with you anywhere. There are specific things you can accomplish with the iPad that you wouldn’t have been able to do otherwise.”

The iPad’s introduction in April 2010 caught the eye of MicroStrategy CEO Michael Saylor, who saw it as an opportunity to make mobility far more productive for employees. By July, MicroStrategy had released its first native iOS apps for internal use. Soon, the Windows laptops for the entire sales force were replaced with iPads, and more and more employees at all levels were finding uses for the tablet. Employees also use MicroStrategy’s new commercial iOS apps for business intelligence.

The  IT  group  was  on  board  early,  according 
to  Kerzner.  “You  accept  this  is  a  new  form  of 
device,  and  just  get  on  with  it,”  he  says.  “The 
tools  are  all  there.” 

At MicroStrategy, iPad deployment, security and management was very similar to that for laptops. “Our core tenets are: secure on-site network access, secure VPN access off-site, and an inventory of devices that we could plug into our existing device-management process,” Kerzner says.

The company secures the iPads, both corporate and personal, and network access via a corporate security profile, which is installed on all iPads (and iPhones). The profile enables secure network access and, via Microsoft’s Exchange ActiveSync protocol, secure, password-based access to and synchronization with Exchange email, contacts and calendar.




The  profile  dictates  policies  such  as  requiring 
a  passcode,  and  automatically  locking  when 
3  to  5  minutes  have  passed  without  activity. 
Users  are  unable  to  remove  the  profile. 

Employees  use  the  passcode  for  access  in 
the  office,  and  the  Cisco  VPN  implementation 
in  iOS  when  outside  the  office. 

“If  you  accept  that  profile,  we  can  guarantee 
the  security  policies  and  certificates,”  Kerzner 
says.  “We  have  an  authentication  process  to 
ensure  that  you  are  a  verified  user  to  get  the 
profile  in  the  first  place.” 

The approach lets the company classify mobile devices by type and treat them differently. “If you connect via an iPhone, you won’t get the full access to all our systems,” Kerzner says.

“You have to understand how data on a mobile device is transmitted, and how it can be encrypted in transit and at rest,” Kerzner says. “We have 256K AES encryption and a secure certificate infrastructure. We can validate who you are, and which device you are using to access our network.”

None of this required working around limitations in the iOS firmware. “iOS is very adequate,” Kerzner says firmly. “Apple has taken a very diligent approach to IT deployments. They’ve been very focused on getting out the right tools to deploy these devices in the enterprise.”

The security framework is the key to enabling user access. At this point, the strengths of the iPad become more visible. Users push a button to have the tablet instantly useable; they have secure network connectivity wherever Wi-Fi is available; and they never have to worry about battery life.

These characteristics marry perfectly with the bite-sized functions and tasks that constitute an iOS app. MicroStrategy created an internal, native iOS app called Corporate Request Center, or CRC. It’s a collection of eight management processes such as expense reports, time-off requests and employee reviews. These can be filed and reviewed anytime, anywhere: the “time machine effect.”

“In  the  past,  all  these  would  have  to  wait 
until  I  got  back  to  my  desk,”  says  Hugh  Owen, 
director  of  mobile  marketing  at  the  company, 
who  spends  about  half  his  time  away  from  his 
desk.  “Now  all  these  specific  requests  are  in 
my  app  and  I  can  see  them  and  act  on  them 
any  time  of  the  day.  By  acting  at  those  times, 
I  stop  being  a  bottleneck  to  the  organization. 
The  [business]  process,  whatever  it  is,  is  no 
longer  waiting  on  my  decision.” 

Business  intelligence  data  that  was  once 
the  exclusive  preserve  of  a  separate  caste  of 
“analysts,”  is  now  much  more  accessible, 
understandable  and  usable  to  a  much  larger 
group  of  employees,  says  Glen  Goldstein, 
MicroStrategy’s  vice  president  of  industry 
marketing.  “Today,  we  deliver  charts  and 
graphs  of  BI  data  directly  to  end  users.  The 
iPad  is  so  easy  to  use  and  understand,  and 
now  so  is  the  BI  data  displayed  on  it.” 

Owen says he now often views the company’s daily internal reports on his iPad before he gets out of bed. He runs a range of business intelligence reports and checks the list of daily field activities while he’s preparing breakfast.

“We don’t see ‘mobility’ as an incremental change,” Kerzner says. “In 2013-14, everyone will be living and working in a fundamentally different way. Software and business processes need to change to keep up with that.”

smarter  solution 


Intuitive  alphanumeric  display 

Get  detailed  UPS  and  power  quality 
information  at  a  glance  -  including 
status,  about,  and  diagnostic  log 
menus  in  up  to  five  languages. 


Configurable  interface 

Set  up  and  control  key  UPS 
parameters  and  functions  using 
the  intuitive  navigation  keys. 

On  rack/tower  convertible  models, 
the  display  rotates  90  degrees 
for  easy  viewing. 


Energy  savings 

A  patent-pending  "green"  mode 
achieves  online  efficiencies  greater 
than  97  percent,  reducing  heat  loss 
and  utility  costs. 
TOOLS

Wi-Drive:  Good,  but  no  cigar 


A couple of weeks ago I wrote briefly about the Kingston Wi-Drive and now
that it’s shipping and I’ve got the latest firmware installed on my
evaluation unit, it’s time to take a deeper look.

The Wi-Drive is a portable, battery-powered, Wi-Fi-enabled storage system
designed to provide additional storage capacity for up to three computers
over Wi-Fi connections. It can support bridging to another Wi-Fi service,
and offers specific support for iOS devices through free apps.


Mark  Gibbs' Gearhead 


At 121mm by 62mm by 10mm, the Wi-Drive is smaller than an iPhone and
weighs a mere 85 grams.

There’s  a  USB  2.0  port,  two  of  the  dreaded 
blue  LEDs  to  indicate  Wi-Fi  and  bridging 
activity,  and  a  power  button  that  lights  up 
according  to  the  battery  charge  (green  for  75% 
to  100%,  orange  for  25%  to  75%  and  red  for 
less  than  25%).  Curiously,  for  once,  the  LEDs 
aren’t  too  bright;  if  anything,  they  aren’t  bright 
enough!  In  particular,  the  power  button  color 
is  hardly  visible  under  regular  office  lighting! 

The  rechargeable  battery  is  good  for  about 
four  hours  of  use  though,  once  running,  you 
can  connect  it  to  the  included  power  adapter 
and  have  unlimited  operation  time. 

The Wi-Drive provides secured 802.11n Wi-Fi access (both WPA and WEP are
supported) to both its content and to any network it bridges to. Wi-Fi
access to onboard content is read-only via HTTP, but you’ll want to be
careful who you let access your Wi-Drive as there are no other access
controls for content, bridging or the Wi-Drive’s configuration.

The iOS apps are stable and functional, but they aren’t particularly
sophisticated. For example, they don’t attempt to switch the Wi-Fi
connection to connect to the Wi-Drive; if the Wi-Drive can’t be found, the
app just dumbly sits there until you get a connection and click on the
application’s “home” button.

The  iOS  apps  aren’t  complicated:  They 
simply  reframe  Web  pages  loaded  from 
the  Wi-Drive  via  HTTP,  which  means  any 
device  with  a  Web  browser  connected  to  the 
Wi-Drive  via  Wi-Fi  can  also  access  the  same 
Web  pages,  albeit  with  a  slightly  “clunkier” 
user  interface. 

When bridging is used the Wi-Drive can also be accessed from the network
it bridges to, but there’s no way to modify the Wi-Drive’s content and
there’s no security to prevent viewing anything on the Wi-Drive. I would
have expected these issues to be addressed.

So, the only way to add, modify or delete content on a Wi-Drive is to
connect it via its USB 2.0 port to a computer running OS X, Windows or
Linux. Unfortunately, when the Wi-Drive is mounted as a USB drive, its
Wi-Fi services are disabled. This is a shame; being able to sync content
from a PC in real time over USB to the Wi-Drive and have simultaneous Wi-Fi
access would make the Wi-Drive more useful.

Priced at $149.99 for 16GB of storage and $199.99 for 32GB (the final
prices changed since my previous column), the Wi-Drive is a little on the
spendy side considering that, for example, buying a 32GB iPad rather than
a 16GB iPad increases the iPad’s price by $100 ... in other words, $50 less
than adding 16GB of storage with a Wi-Drive. And when it comes to buying a
64GB iPad instead of a 32GB version, Apple charges the same, $100, as the
16GB upgrade, making the 32GB Wi-Drive at $200 look very expensive.

So, the Kingston Wi-Drive is a good idea but its weaknesses (the high
relative cost of Wi-Drive storage along with the lack of anything more than
basic security and the simplistic iOS apps) get it a rating of 3 out of 5. ■

Gibbs  rates  in  Ventura,  Calif.  Your  score  to 
gearhead@gibbs.com. 


toolshed


GADGETS 

Keyboard  links  to  multiple  Bluetooth 
devices;  a  lightweight  PC  headset  system 


Keith  Shaw’s 
Cool  Tools 


Multi-Link Bluetooth Keyboard with Touchpad (GKM611B)

by Iogear, about $80

► What it is: This full-size Bluetooth keyboard lets you connect up to six
Bluetooth-enabled devices, including PCs, Macs, Media Center PC systems
(connected to a TV), smartphones, game consoles and tablets.

The  connections  are  not  simultaneous  —  you 
need  to  hit  a  function  key  and  number  (from 
1-6)  to  connect  to  the  device  that  you  want  to 
control.  A  small  touchpad  on  the  right  side  of 
the  keyboard  provides  mousing  capabilities, 
handy  for  the  computer-based  devices.  If 
you  have  a  Windows  Media  Center  machine, 
special  buttons  let  you  do  things  like  access 
the  My  Videos,  My  Music,  RecordTV  and 
change  the  volume,  etc. 

► Why it’s cool: If you find yourself acquiring many different devices that
could potentially benefit from an external keyboard (including an iPad,
smartphone and media center/game console), then using one keyboard to
control everything instead of purchasing multiple keyboards could save you
a ton of money in the long run. For the office, using one keyboard to
control different PCs saves space in addition to money. I also liked the
full-size nature of the keyboard, especially for typing on things like my
smartphone (an iPhone 4) and the iPad.

► Some caveats: Because it’s a larger-size keyboard, you might not want to
travel with it; the media center keys aren’t helpful if you don’t have a
media center system. The touchpad area on the keyboard may be too small
for some users — in that case, I’d recommend just using a mouse.

►  Grade:  ★★★★  (out  of  five). 


THE 

SCOOP 


Savi  440 

by  Plantronics,  about  $280 


► What it is: The unit is a USB-connected wireless headset for use with
voice applications on PCs and Macs, including Skype, Web chat (Facebook,
Google+ hangouts), as well as unified communications software packages
from Avaya, Cisco, Microsoft Lync and ShoreTel. The headset also lets you
listen to music via iTunes, Winamp and Windows Media Player.

► Why it’s cool: The Savi 440 utilizes DECT wireless technology, similar to
that in cordless phone systems, letting the user walk up to 300 feet away
from the USB transmitter/dongle. For home office workers, they can walk
around during a call a lot easier than with a Bluetooth adapter or other
non-DECT headset. The noise-canceling microphone provides great audio
quality for the recipient on the other end of the call, which can be a
great benefit when doing things like Skype Web chats.

The system also provides three wearing styles — on-ear, over-the-head or
behind-the-head, with different ear loops to get the correct fit. The
system comes with a nice magnetic docking station to recharge the headset,
which Plantronics says gets up to seven hours of talk time (narrowband
mode; in wideband mode, up to four hours), and the battery can be
hot-swapped during a phone call. Additional software from Plantronics
allows for multimedia pause (when a call comes in, the music pauses and
then resumes upon call completion), headset battery status, and presence
status (with Skype/Lync). The light weight of the headset (21 grams) can be
a benefit compared with bulkier headphone/microphone combinations for the
PC.

► Some caveats: The system doesn’t pair with your desk phone or mobile
phone; this is strictly for PC-based phone applications. Other Savi models
are needed for those purposes. In addition, the headset sits awkwardly in
the docking station when used in the over-the-head format.

►  Grade 


Shaw  can  be  reached  at 
kshaw@nww.com. 
NETWORKWORLD


BY  BETH  SCHULTZ 


CREATES  HEAVY  LIFT 


Managing cloud infrastructure and services is similar to traditional
network management — only bigger, badder and more complex. Where once you
had to deal with maybe one or two strategic outsourcers, in the cloud world
you’re more likely contending with a dozen or more cloud service providers,
be they software as a service or infrastructure. Where application
workloads once moved over private links inside your data center, now
they’re flitting across the Internet. Where server and storage capacity
once fell to IT exclusively, now anybody can grab the resources they need,
as quickly as they can pull up and fill out a Web form and enter credit
card numbers.

So how are enterprise IT managers supposed to handle the supersize
management challenges the cloud throws their way? Here’s some advice for
managing the cloud.

Have  consistent  data  models 


Sounds simple, but don’t be fooled, says Beth Cohen, senior architect and
consultant at Cloud Technology Partners, a cloud consulting firm.

Most companies have standard terminology in data records and databases to
which cloud applications should adhere. This can be as basic as storing
data with a standard ID number and using the same naming convention across
CRM instances.

This is easy enough to control when IT is guiding the purchasing and the
deployment, but what happens when the marketing department turns to
Salesforce.com for its CRM needs, as does sales, but in a different
project?


Businesspeople  bringing  in  applications 
via  the  SaaS  model  aren’t  necessarily  going 
to  be  thinking  on  that  level.  And  IT  has  got  to 
get  out  in  front  of  this  issue,  Cohen  says. 

“As long as the data models match when you want to orchestrate with other
applications, either elsewhere in the cloud or internal to the enterprise,
the integration process will be that much easier. And note, that is ‘when’
you want to do this, not ‘if,’ because this will be happening,” Cohen says.

Integration,  she  adds,  is  a  real  struggle 
point.  “It’s  not  unsolvable;  it’s  a  technology 
problem.  But  IT  had  to  be  aware  of  it.” 

With integration of one sort or another all but inevitable as enterprise
cloud use evolves, the smart IT department should be taking a lead on
qualifying cloud providers with this tricky management issue in mind,
Cohen says.

That could prove challenging, she says. “Most vendors haven’t been too
proactive about the integration piece. They’re vertically focused and
mostly concerned only about delivering their service and not about
integrating with the 10 or 100 other applications a particular company
might have.”

At the American Hospital Association, in Chicago, no SaaS provider gets by
IT’s scrutiny — and IT does due diligence on all potential cloud service
providers — without meeting a set of integration-related checklist items,
says Karthik Chakkarapani, IT director of technology solutions and
operations.

Knowing how a potential provider will integrate with current and future
SaaS applications, how it will work with the organization’s hybrid
cloud-based single sign-on (SSO) environment and how it provides database
access are imperative, he says.

“The best way to interact with data is through Web services, so we ask
what kinds of Web services they support, too,” Chakkarapani adds.


Create  a  provider  ecosystem 

One of the biggest management headaches of having SaaS applications
intertwined with each other and internal applications is coordinating
updates and fixing issues with one that might affect the others,
Chakkarapani says. This is an art, and where a strong, preferably IT
Infrastructure Library-based internal service desk, is essential, he says.

The AHA requires coordination among about 30% of its SaaS-provided
applications; the rest live in silos, Chakkarapani says. In one recent
example, Symplified tested and validated that its SSO service worked with
the latest social collaboration release from SaaS provider Socialtext prior
to the AHA putting the upgrade into its production network, he says.

“When  one  vendor  has  an  upgrade,  both 
have  to  test  before  we  can  go  into  production. 
These  issues  are  slowly  starting  to  crop  up, 
and  the  more  and  more  we  have,  the  more 
important  it  is  that  we  have  a  good  vendor 
ecosystem,”  he  says. 

Build  a  DevOps  team 

One of the hairiest infrastructure management issues for IT operations is
actually not being able to manage resources at all. That scenario occurs
when developers go around IT and grab resources in the cloud rather than
wait on traditional internal provisioning processes.

Creating a DevOps team that can provide the rapid provisioning and super
smart configurations required of today’s most agile, cloud-oriented
developers is one of the best ways to circumvent this problem, says Rachel
Chalmers, an analyst with The 451 Group. This means IT must embrace a
change in mindset — to one of a service provider — and a new toolset.

On the latter point, Chalmers encourages DevOps teams to use cloud
infrastructure automation tools from companies such as Opscode or Puppet
Labs.

Go  for  drag-and-drop  simplicity 

Being able to capitalize on the use of a fully dynamic private or hybrid
cloud infrastructure requires a management tool that lets you do things
like reduce cycle times, provide better automation, get a handle on
resource consumption for chargeback purposes, ensure adherence to security
standards and, of course, quickly and easily spin up new environments and
scale resources.

This means adding a cloud management layer on top of what a company already
has in place for virtualization management, says Dhiraj Pathak, director of
PricewaterhouseCoopers’ CIO Advisory Services practice. “This is a distinct
layer of capability, one that allows for the efficient management of these
virtualized resources. It’s still in its early days, with some parts of the
layer maturing while others are yet to fully form,” he says.

Building such an overlay that would allow for more automation and smarter
resource use was the objective for Roundarch, a digital design firm in
Chicago, when it went looking for an enterprise cloud management tool.
Plus, says Geoff Cubitt, president and CTO, the company wanted to be able
to let users manage things on their own, thus reducing the strain on the IT
team and providing much-needed flexibility across hypervisor environments.

The ability to create, then drag and drop, reusable images and templates
from one environment to another is key when dealing with the cloud, Cubitt
says.

He notes that Roundarch has met all of its cloud management objectives with
Abiquo Enterprise Cloud Management software. (Network World last spring
recognized Abiquo as one of 15 cloud companies to watch for 2010.)

“Drag-and-drop image build lets us do things like spin up a standard
environment — maybe that’s the OS, the application server and a database
hardened with our security standards and configurations that we like — and
copy it to where we need it. This means I don’t have to have my best
systems administrators setting up these environments. Anybody can do this;
it’s so simple, but it gives us better leverage on our resources and speeds
up cycle times while letting IT be more responsive,” Cubitt says.

Account  for  multi-hypervisors 

Look for an enterprise cloud management tool that will support multiple
hypervisors — even if you’re only using one today, experts advise.
Lots  of  companies  have  built  their  virtual  data 
centers  around  VMware  but  will  increasingly 
look  to  bring  in  other  hypervisors  to  drive  costs 
down  and  gain  more  flexible  provisioning 
options  as  they  migrate  to  the  cloud. 

At Roundarch, for example, having the Abiquo management software
facilitated the company’s move away from VMware/Red Hat Linux to a
lower-cost Xen OS environment, Cubitt says. Abiquo, which supports multiple
hypervisors, allows Roundarch IT administrators to port images created in
the VMware/Linux environment to the Xen world.

“That let us build out from our existing infrastructure and lets us
leverage both internal and external clouds, being about to burst into
public resources as appropriate. We wanted the flexibility to be able to
manage across boundaries, and we got it,” Cubitt says.

Getting  the  right  management  tool,  PwC’s 
Pathak  agrees,  is  critical  for  a  successful 
cloud  deployment. 

Look  for  help  on  cost  management 

The use of cloud resources, especially when business groups are making some
of these decisions, seriously complicates the ability to capture and manage
the total cost of IT, says Phil Garland, a partner in PwC’s CIO Advisory
Services practice.

“We find integrating of the cloud fulfillment, particularly if resources
are coming from the public cloud to the standard procurement process within
the enterprise, is an area where people get surprised. It’s a difficult
connection to establish, but it’s so important to be able to effectively
track consumption of resources from the cloud and the cost of consuming
those resources,” Pathak says.

Toward that end, look for cloud management tools that incorporate financial
engineering aspects of cloud services. That’s a major differentiator
starting to emerge among tool makers, with some enabling mapping against
specified service-level agreements, he says.

And if introducing cloud services internally, he adds, IT needs to develop
a consistent cost model. “Transparency is a big expectation users have
around the cloud, so you don’t want to be costing out every service on an
ad hoc basis.”

Leave  no  discipline  untouched 

Overall,  the  challenges  of  cloud  management 
are  similar  to  traditional  management,  but 
bigger  and  “badder.”  All  the  same  disciplines 
enterprise  IT  organizations  have  applied  to 
their  legacy  environments  have  a  place  here, 
too. 

This  includes  the  application,  network 
and  systems  management  realms,  as  well  as 
overarching  programs  like  governance,  policy 
orchestration  and  SLA  management. 

So,  power  up  on  management  capabilities 
before  plowing  into  the  cloud.  ■ 

Schultz  is  a  longtime  IT  writer  and  editor.  She 
can  be  reached  at  bschultz5824@gmail.com. 
Cloud management tools are as varied as cloud uses. For this test, we chose
five tools that each attack cloud management from a different perspective.

We looked at Symplified for identity management exclusively targeted to
SaaS-based apps, Puppet Labs for virtual machine deployment, HP for
building and managing private clouds, Abiquo for IaaS platform management
and TurnKey Linux for low-cost cloud backup.


Symplified Identity Manager and SinglePoint

Symplified  Identity  Manager  (SIM)  provides  administrators 
with  a  way  to  deal  with  Web-based  application  identity  and 
passwords.  This  is  done  through  an  “identity  router”  called 
SinglePoint.  The  SIM  product,  in  turn,  manages  identity  for 
users  with  SaaS  applications. 

The SaaS applications covered include LinkedIn, Google Apps (the business
version), Salesforce and many more. Almost any Web app that has a login
screen can be included, using HTTP federation.

With SAML-based SIM and SinglePoint, all of the construction of
authentication is “behind the scenes” to users. Administratively, we found
SIM and SinglePoint to be a little tough, but very usable once constructed.

SIM develops an identity vault that stores passwords and identities for
selected websites. These identities can be linked to local in-house user
stores such as LDAP or Active Directory via the included SimpleLink
connector.

The identities and passwords are stored in a centralized vault that is
encrypted with AES128, using a rotating encryption key. The vault is stored
on the Identity Router, which can be installed locally or hosted by
Symplified (ours was hosted).

The  identity  router  becomes  a  middleman  to  connect  the  user 
to  the  apps.  Single  sign-on  (SSO),  access  control  and  centralized 
auditing  are  some  of  the  benefits  of  SinglePoint.  But  it  must  be 
emphasized  that  Symplified  is  only  for  Web-based  apps. 

Setup  and  configuration 

SIM needs a virtual machine (VM) to connect your credentials (like Active
Directory or LDAP) to the Symplified cloud-hosted proxy authentication
system. The VM instance uses CentOS 5+ or Red Hat Linux. We used CentOS and
only installed an SSH server on it.

After that we installed SimpleLink RPM (Red Hat Package Manager) kit.
Symplified usually helps customers with this portion of install; we tried
doing it ourselves. After we had a setup call, we got help linking our
Active Directory to Symplified’s cloud platform. There is a local Web
interface for uploading the credentials. The SimpleLink server then
connects our infrastructure with its Identity Router(s), and behind the
scenes SimpleLink uses OpenVPN to secure the channels.

SinglePoint Portal is the cloud-based admin Web portal where everything is
set up and configured. SinglePoint Portal is a Flash-based app and is
responsive, although the fact that it uses Flash will give some
organizations security concerns. The portal allowed us to add user stores
or entries of logon IDs and passwords. We could create application groups
and links to the applications themselves. HTTP Federation or SAML type apps
can be discovered, but it’s also possible to manually configure HTTP-based
apps that log users on.

Within the portal’s app groups selection, we could create policies to allow
certain users/groups access to various apps based on attributes that are
retrieved from the various user stores.

There’s  a  “My  Dashboard”  section  that  displays  an  overview  of 
Identity  Router  sessions,  loads,  file  system,  CPU  usage,  system 
memory  and  configuration  info  such  as  how  many  user  stores,  app 
groups,  applications,  policies  and  Web  servers  have  been  created. 

Perhaps the only operational criticism that we have of the process is that
there is no interstitial message to remind us to publish configurations
when they’re changed. If we were to forget, and exit without publishing,
nothing would be saved.

Overall,  SIM  is  a  nice,  lightweight  but  highly  effective  method 
of  dealing  with  many  internal  users  needing  single  sign-on  with 
multiple  popular  cloud-based  SAML/HTTP  applications. 


Abiquo  1.7 

The Abiquo platform is a unifying management application that’s compatible
with VMware, Xen, HyperV, Red Hat and KVM-based products.

Abiquo  is  a  multi-tenant  application,  and  can  remold  resources 
in  fascinating  ways.  We  tested  Abiquo  using  what  it  calls  “proof 
of  concept  modeling.”  This  method  has  its  limitations  for  testing, 
but  we  were  able  to  get  a  good  feel  for  how  Abiquo  works. 

An Abiquo engineer guided us through the installation, as the company does
for all of its clients. Multiple services need to be installed, including
Abiquo Server, Abiquo Remote Services, Abiquo V2V Conversion Services, DHCP
and a NFS Server.

We  could  put  all  these  services  on  a  single  ESXi  host  and  install 
the  services  under  different  VMs.  Abiquo  is  pretty  easy  to  use  once 
all  the  prerequisites  are  in  place. 

Our installation specifics used a CentOS installation. All we had to do was
select the different options that we wanted to install and fill in some
values. The server VMs were easy to set up and configure. The installation
forms are understandable and useful.

We  could  also  brand  our  portal.  This  allows  ISPs  and  customers 
to  bundle  services  together  for  aggregation  poised  towards  groups. 
All  the  branding  that  was  required  was  replacing  a  few  files  and 
restarting  the  server. 

Inside the GUI are infrastructure views for admins, which show
resources in terms of VMs, vCPUs, storage and other infrastructure
characteristics. Admins can add “bare metal” physical hypervisors
to a “rack” and configure each one. They can also view networks,
storage tiers and allocation rules.

Abiquo’s  Virtual  Datacenters  are  among  the  exciting  elements 
of  the  components.  We  could  see  virtual  data  centers  created  with 
supplied  or  our  own  virtual  appliances,  along  with  network  and 
volume  information.  We  could  add/delete/edit  virtual  appliances, 
which  lends  itself  to  “off  the  rack”  data  center  provisioning.  We  could 
also  set  up  resource  limits  for  each  virtual  data  center. 

In  turn,  an  Apps  Library  is  built  that  lists  all  the  virtual  images 
that  have  been  downloaded  from  remote  repositories  or  uploaded 
from  local  files. 

A tab in the GUI lists the users for each “enterprise,” which can
be used to separate users into different groups and roles. The
events tab lists all the events that happen (similar to Unix logs,
Info, Warning, Normal, Major, Critical) — all color-coded for our
viewing pleasure.

Interestingly, Abiquo divides VMs into managed or persistent vs.
non-persistent, which, upon shutdown, evaporate and repopulate
the resource pools available.

Abiquo’s  virtual  data  center  infrastructure  is  egalitarian,  yet 
fairly  easy  to  deploy  and  to  manage,  both  for  internal  use  and  for 
customers  or  business  units. 

3 HP CloudSystem Matrix

We tested HP’s CloudSystem Matrix 6.3, a private-facing IaaS
management tool. There’s also CloudSystem Enterprise, which
controls internal IaaS, PaaS and SaaS, and a Service Provider
version.

Matrix is a sophisticated and complicated combination of HP blade
servers and management software. Its breadth is staggering, but
the system’s complexity can also make it difficult to use. Matrix
manages a wide breadth of hardware, software and virtual machinery
(chiefly VMware) in a control plane of IaaS. Its components consist
of several servers, including a blade server, software controls,
server storage and software. The package isn’t just for HP systems,
as CloudSystem Matrix can discover a long list of hardware and
infrastructure by IP address range, although this wasn’t tested.

Matrix, which we tested on HP blades, has a cloud-in-a-box feel.
There are a number of software parts and pieces that go together and
are managed through a Web-based administrative portal. The portal
includes links to all the different application pieces.

The portal is quite daunting as there are so many menus, submenus
and options on each screen. The operations seem stitched together
and some parts of it seem to load another part, but we weren’t sure
which part was being loaded. Nonetheless, CloudSystem’s breadth
manages a wide variety of infrastructure.


Insight  Orchestration 

The  pivotal  piece  of  Matrix  works  through  an  app  called  Insight 
Orchestration.  Matrix  has  a  discovery  application  that  works  on 
existing  infrastructure,  identifying  assets  and  arranging  them. 
These  are  added  to  a  clever  tool  that  uses  icons  to  drag  and  drop  a 
visual  representation  of  discovered  or  inserted  infrastructure. 

Templates  are  then  used  to  drag  and  drop  objects  like  bare  metal 
or  virtual  disks,  servers,  network  and  VLANs  into  a  map.  We  could 
then  connect  the  objects,  inserting  details  about  a  connection  as  we 
went  through  the  process.  Once  the  template  is  done,  it’s  launched 
and  progress  can  be  viewed,  along  with  actions  that  might  need 
admin  approval  during  deployment.  Users  are  then  added,  and  we 
could  connect  to  Active  Directory  to  link  users  to  the  application. 

We could also create asset pools of machines, dividing them into
objects. The more advanced versions of Matrix allow pooled/grouped
assets to be branded.

Cloud  apps  could  also  be  pooled  this  way,  allowing  users  to  choose 
off-the-shelf  configurations  relating  to  specific  or  general  tasks. 

We  had  the  ability  to  look  at  Cloud  Maps,  which  were  a  strong 
visual  interpretation  of  the  cloud  resources  that  we’d  configured  and 
deployed.  We  could  then  flip  to  the  Capacity  Advisor  if  we  wanted  to 
perform  what-if  type  analysis  for  different  scenarios.  We  found  the 
user  interface  to  be  cumbersome,  and  procedurally  not  intuitive. 

The  user  interface  seems  to  have  many  options  available,  and  is 
seemingly  procedurally  and  productively  simple,  but  we  found 
lots  of  gotchas.  Our  mission  was  to  deploy  two  ESXi  servers,  and 
during  that  process,  our  molehill  turned  into  a  mountain.  After 
trial,  error  and  HP  support,  we  were  able  to  get  the  VMs  running. 

We  also  had  to  do  a  lot  of  manual  work  inside  of  VMware  to 
perform  associations  to  the  CloudSystem  for  our  ESXi  servers. 
The  documents,  while  somewhat  useful,  didn’t  prepare  us  for  the 
daunting  experience  that  we  had. 

CloudSystem Matrix is complex, but it has the capacity to manage
and potentially “remarket” a variety of infrastructure assets.


4  Puppet  Labs  MCollective 

We first saw MCollective in our review of Ubuntu 11.04 Server and
Cloud editions. What intrigued us was its ability to rapidly
provision instances of operating systems, but also applications.
It’s poised toward developers, and is limited currently to Linux
instances.

Despite the fact that the Marionette Collective/MCollective (“mc”)
tools are CLI, it achieves astounding speed at communicating with
potentially thousands of instances as fast as the wire speed can
move the messages, no matter where the instances are located. The
mc tools are middleware that use a multicast-like push messaging
system to controlled nodes. There is no artistic drag-and-drop rack
configuration. There are no library-like user interface Web pages
where one can “check out” an instance of a desired application. If
CloudSystem Matrix and Abiquo 1.7 are sky-management
generals-of-the-armies, MCollective is the battalion commander,
bereft of the niceties, pomp and circumstance.

Inside instances that mc controls are two mc agent daemons
installed from RPMs. The daemons are based on Ruby code, and can
manage inter-process communications and packages. The client has
similar components. The “collective,” therefore, consists of nodes,
which in turn have servers running in them — agents that are the
messengers that speak to middleware, in the client. The collective
is a living and dynamic thing, but is totally bereft of security as
an object.

This means that communications must be performed over VPN links
and SSH, and applications like Apache or a LAMP installation must
have their own security components enabled outside of what mc
manages. Fortunately, much of this can be done via mc — but
application security and link security for the collective object
are two different things, we found.


Spin-up 

The MCollective can spin up applications with frightening speed.
We deployed a single instance, provisioning it with mc (it already
contained working Ruby and a configured Stomp gem). We had 40
instances done in approximately 29 seconds.

We then instructed mc to install Apache into the instances, start
the instances and tell us that it was done. Total time was
approximately 31 seconds. Stopping all 40 Apache server instances
took approximately seven seconds. Killing the instances via
shutdown with verification took approximately 12 seconds.

The middleware keeps track of basic connectivity facts regarding
deployed instances, but there is no database; it’s a stateless,
push-based messaging concept with metadata intelligence inside
the messaging that makes the collective do work. The commands we
used are easily scripted into scripts/batches. Had we the budget,
the number of instances that we could spin up within a minute
could number in the thousands. Having them do work, send messages
or store the results and then shut down (and stop the cost cycles)
can be stunningly quick.

The MCollective is a developer’s cloud tool. It’s CLI-only, but
building a lightweight GUI for it shouldn’t be difficult. In its
adaptability, however, its security is lightweight and application
security
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CLOUD  MANAGEMENT 


5 TurnKey Linux Backup and Migration Tool

Persistent  cloud  applications,  usually  SaaS-focused  applications,  need 
backup,  but  how  that’s  done  is  often  left  up  to  SaaS  site  owners/admins, 
who  often  don’t  back  up  or  in  some  cases  even  know  what  to  do  —  think 
small  businesses  and  bloggers  using  WordPress. 

Many don’t even know where or what files to back up or how to
restore a cratered site. TurnKey Linux, we found, offers fully
integrated download-and-play appliances consisting of popular SaaS
applications but, importantly, bundled with integral Amazon S3
cloud backup costing a few pennies at most per day.

The TurnKey Linux Backup and Migration Tools (TKLBAMs) are
pre-configured customizable appliances for instances (cloud,
virtualized or bare metal/physical) for popular SaaS applications.

There are more than 40 different prebuilt FOSS appliances available
from TurnKeyLinux.org, including popular Web applications such as
Drupal, WordPress, Ruby on Rails, Joomla, a basic LAMP stack and
more.

All of the TurnKey Linux appliances include Web-based admin setup
for each platform and other common configurations. There is a core
appliance that can be used to create custom appliances if none of
the prebuilt appliances are suitable. Each TurnKey-supported
appliance is based on Ubuntu Linux and is automatically updated
daily with Ubuntu security updates.

How  it  Works 

Procedurally,  you  get  an  appliance  and  set  up  an  account  (with  a  link 
to  Amazon’s  services  if  desired).  The  appliance  is  downloaded  and 
deployed,  and  backups  are  started;  a  wise  installer  tests  a  restore. 
We  obtained  the  WordPress  appliance  from  TurnKeyLinux.org,  and 
placed  it  on  the  host  we  use  for  extremelabs.com.  During  this  process, 
we  filled  in  the  billing  and  configuration  profile  to  be  used  for  Amazon 
Web  Services  cloud  storage  charges,  and  for  restoration  purposes. 

TKLBAM downloads the profile from the TurnKey Linux hub (more like
an app store) for whatever appliance version is desired. This
profile can be used to detect changes made after installation, such
as new packages installed or files added/edited/deleted/etc. Some
organizations will use a fresh appliance and populate it afterward
progressively, while others will use static pages, and still others
will migrate an existing equivalent running host.

After  this  we  could  use  the  site  to  restore  the  backup  to  a  cloud  image 
on  EC2. 

We  wanted  to  try  upgrading  to  the  latest  version  using  the  backup  that 
we  had  created,  so  we  downloaded  the  WordPress  appliance  ISO  and 
loaded  it  up  in  XenServer  5.6,  performing  the  basic  WordPress  install. 

This worked quite well; almost all of our settings, database,
WordPress files, customizations, etc. were restored to the new
instance of the blog site. The only issue we had was restoring our
manual IP address settings. A reboot later, we were almost all good
to go. The last thing we had to do was just an apt-get
update/apt-get upgrade to make sure we were up to date.

Next we made a new backup with our upgraded appliance. By default,
we had to manually back up the instance for the first time using
tklbam-backup. After that, monthly full backups are enabled by
default. To enable daily incremental backups, all we had to do was
run: chmod +x /etc/cron.daily/tklbam-backup. Our incremental backups
so far have ranged from 158.5 KB up to 489.6 KB for 10 days after
the original backup. The total cost so far for our site is $0.04 per
month!
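
The daily incremental backup above depends entirely on the state of one file in /etc/cron.daily. The following shell check is an added example, not part of the original article or of TurnKey's tooling; it verifies that the hook will actually be run and that only its owner can change it. The function name audit_cron_hook is hypothetical, the file-name rule is the one Debian/Ubuntu run-parts applies, and the ownership and write-permission checks are an added hardening assumption (cron.daily hooks run as root).

```shell
#!/bin/sh
# Added example (not TurnKey's code): audit a cron.daily hook such as
# /etc/cron.daily/tklbam-backup. audit_cron_hook is a hypothetical name.
# Prints one finding per problem and returns 0 only when the hook will
# be run by cron and cannot be modified by anyone but its owner.

audit_cron_hook() {
    hook=$1
    owner=${2:-0}        # expected owner (uid or name); root by default
    status=0

    if [ ! -f "$hook" ]; then
        echo "MISSING: $hook is not a regular file"
        return 1
    fi

    # Debian/Ubuntu run-parts only runs names made of letters, digits,
    # underscores and hyphens, so "tklbam-backup.bak" is never executed.
    name=${hook##*/}
    case $name in
        *[!A-Za-z0-9_-]*)
            echo "SKIPPED: run-parts ignores the file name '$name'"
            status=1 ;;
    esac

    # Without the executable bit the hook is silently skipped; this is
    # the state that chmod +x changes.
    if [ -z "$(find "$hook" -prune -perm -100 -print)" ]; then
        echo "DISABLED: $hook lacks the executable bit"
        status=1
    fi

    # The hook runs with cron's privileges, so anyone who can edit it
    # can run code as that user.
    if [ -z "$(find "$hook" -prune -user "$owner" -print)" ]; then
        echo "OWNER: $hook is not owned by '$owner'"
        status=1
    fi
    if [ -n "$(find "$hook" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE: $hook is group- or world-writable"
        status=1
    fi

    # A group- or world-writable directory lets others add or swap hooks.
    dir=$(dirname "$hook")
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE: directory $dir is group- or world-writable"
        status=1
    fi

    return $status
}

# Usage: sh audit_hook.sh /etc/cron.daily/tklbam-backup
if [ "$#" -gt 0 ]; then
    audit_cron_hook "$@"
fi
```

A DISABLED finding on a fresh appliance is the expected default described above; after the chmod step the check should print nothing and return 0.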

For TurnKey appliances using the MySQL database, database backup
is also taken care of transparently. The full contents of the
database are serialized and encoded in a file structure that is
made specifically for optimized incremental backups. After TKLBAM
calculates the delta, it uses Duplicity to encode backup contents
in a chain of encrypted backup volumes, which are then uploaded to
Amazon S3.

The downsides to the TurnKey Linux appliances are numerous.
Zimbra, a popular email system recently purchased by VMware, cannot
be backed up via TKLBAM, and appliances using the PostgreSQL
database can’t be backed up using the TKLBAM scheme, either. There
are no current appliances using Windows applications, sadly. And
there is no inherent increase in security for a given TurnKey Linux
appliance, although the daily update option may help strengthen
them.


Henderson is managing director and Brendan Allen is a researcher
for ExtremeLabs, of Bloomington, Ind. Henderson can be reached at
kitchen-sink@extremelabs.com.

Company: Symplified
Product: Symplified Identity Manager
Price: Starts from $5/user/month
Pros: Single sign-on app for SaaS, highly adaptable
Cons: Administration could be smoother

Company: Abiquo
Product: Enterprise Cloud Management 1.7
Price: $1,495 per year per host
Pros: Comprehensive cloud activity control, vastly heterogeneous
Cons: Minor glitches

Company: HP
Product: CloudSystem Matrix
Price: Pricing starting at $282,530, which includes one CloudSystem
Matrix starter kit plus 16 blade servers, software licenses and
implementation services
Pros: Sophisticated, broad array of features
Cons: Admin UI obtuse

Company: Puppet Labs
Product: MCollective
Price: 25-node packs start at $1,995 with support (some pieces are
FOSS)
Pros: Provisioning with extreme speed, powerful tools
Cons: Not a comprehensive platform; requires developer skills

Company: TurnKey Linux
Product: Backup and Migration Tools
Price: Pennies a month
Pros: Appliance-based SaaS platforms with integral backup into
Amazon S3; WordPress, Joomla, LAMP and more
Cons: FOSS-type appliances; captive to S3 for now; one-time
integration by moderately skilled person needed

ENTERPRISE CLOUD SERVICES CLOUD MANAGEMENT

MANAGING THE CLOUD

10 CLOUD MANAGEMENT COMPANIES TO WATCH

BY BETH SCHULTZ

As enterprise IT organizations consider how to approach the cloud
— public, private, hybrid — there’s no shortage of challenges to
sort through. The cost for on-demand instances needs tracking, and
application performance needs monitoring. Capacity needs planning,
and cloud-based websites need optimizing.

As IT managers grapple with these and other considerations, a slew
of companies are offering up products aimed at easing the challenge
of managing this new environment. Dennis Callaghan, a senior
analyst with The 451 Group, says it best: “Every time you turn
around, somebody has a new cloud management or IT management in the
cloud offering to tell you about.”

HERE'S A SAMPLING

Apica

PALO ALTO, CALIF.

What it offers: Apica WebExcellence, a suite of load testing and
performance monitoring tools for cloud applications.

How it works: Apica says it uses a four-part, cloud-based
methodology to help ensure a website performs at its best. For load
testing, it simulates real-world load conditions in a cloud-based
test environment using scripts to define custom user scenarios
aligned with performance and business goals. External cloud agents
measure all browsers and geographical profiles, and Apica
identifies capacity and load thresholds and pinpoints problem
spots. Customizable performance monitoring provides constant
awareness, from any browser and location and through SMS or email
alerts, about uptime and response time. The suite also leverages
tuning technology combined with static caching to increase Web
throughput by up to 40 times current levels, and an overload
function protects performance and systems during unexpected
high-load scenarios. With the additional Apica Server Monitor, IT
organizations can compare performance data and integrate system
data from behind the firewall with load test data.

How much it costs: Starting price for premium monitoring services
is $80 per month.

Why it’s worth watching: This Swedish company amassed a sizable
portfolio of global customers, including TransGaming. This company
recently reported using Apica LoadTest, part of the WebExcellence
suite, to improve performance of a new cloud-based on-demand gaming
service by more than 400% in a three-week load testing period.

As Audrey Rasmussen, an analyst with Ptak Noel, points out in a
post-announcement blog, “Apica enters the U.S. with
well-established services, experience, expertise, a critical mass
of customers, and some partnerships. That sounds like a strong
start to me. This could be a company to watch.”

Alfabet 

CAMBRIDGE,  MASS. 

What  it  offers:  PlanningIT,  an  integrated 
IT  planning  and  business  IT  management 
software  suite. 

How it works: PlanningIT is a suite of modules, each covering a
specific aspect of architecture-based strategic IT planning.
Application architecture, business demand management, enterprise
architecture, program portfolio and value management modules are
available, for example. All information and functionality is
provided from a single interface.

How  much  it  costs:  Pricing  depends  on 
scope,  breadth  and  type  of  user. 

Why it’s worth watching: IT organizations today are making
decisions about cloud as a delivery model — a far different
scenario from 12 to 18 months ago when the cloud was more of an
“end-around IT” for the business, says Rebecca Wettemann, vice
president of research at Nucleus Research. With this shift has come
the recognition that traditional IT governance processes, including
asset management, inventory, metering and service-level agreements
(SLA), apply to the cloud. But as they go through their
decision-making processes, many IT organizations are realizing how
much they don’t know about how they’re managing applications and
infrastructure internally, she adds. And that’s something where
PlanningIT can help, because “whether in the cloud or on premises,
it provides a central source of truth and knowledge about what’s
happening with the investments companies have made in IT,” she
says.

Embotics 

OTTAWA,  ONTARIO 

What  it  offers:  V-Commander,  private 
cloud  management. 

How it works: Embotics has taken an all-in-one approach with
V-Commander, says Jason Cowie, vice president of product management
at the company. In less than an hour, IT can install the software
and be ready to use its self-service provisioning and service
request management functions, as well as the service catalog and
wizard-driven rapid provisioning capabilities.

How  much  it  costs:  Pricing  starts  at  $399 
per  socket  per  year. 

Why it’s worth watching: As enterprise IT organizations move
beyond the virtual data center and into full-fledged cloud
infrastructure, they need their management tools to evolve with
them. Embotics is doing just that. Its latest iteration features
enhanced self-service portal features and automation capabilities,
as well as integrated IT cost visibility and chargeback and a slew
of service request management functions. Such capabilities have
made V-Commander critical to Aston University as it builds out its
private cloud, says Steve Goodman, senior server engineer with the
Birmingham, England, institution. The self-service portal has been
particularly useful for Aston’s tech-savvy users, while IT has
benefited from the cost visibility, which eases the chargeback
process, he says. And with the capacity management capabilities,
Goodman adds, Aston has gotten a lot more intelligent about how and
when to make infrastructure improvements.

Jamcracker 

SANTA  CLARA,  CALIF. 


What  it  offers:  Jamcracker  Platform, 
cloud  services  delivery  and  life  cycle 
management. 

How it works: Using the Jamcracker Platform, enterprise IT can
integrate user provisioning, administration and single sign-on
functions for private or public infrastructure. Once that’s
completed, IT can provide users a catalog of services and then
centrally and consistently manage provisioning, access,
administration, security, audit and chargeback, the company says.

How much it costs: Jamcracker offers an on-premises licensing
model, a hosted offering and a quick-start pilot program.

Why it’s worth watching: As enterprises pick a cloud services
provider here and another there, and build up a private cloud or
two, IT organizations face the challenge of “managing all this
stuff,” says Jeff Kaplan, managing director of ThinkStrategies.
Increasingly,  they’d  like  that  management 
from  a  single  dashboard,  he  adds.  Gartner 
says  the  number  of  such  providers  is  limited 
today  but  will  grow  rapidly  in  the  next  few 
years.  “Providers  that  are  early  to  market 
have  an  opportunity  to  capitalize  on  the 
inherent  complexities  of  proliferating  cloud 
services  adoption  at  the  same  time  as  they 
help  companies  more  quickly  and  easily 
incorporate  cloud  computing  into  their  IT 
portfolio,”  Gartner  says. 

Jitterbit 

OAKLAND,  CALIF. 


What it offers: Jitterbit 4.0, a data integration suite.

How it works: The Jitterbit platform, which comprises a scalable
run-time engine and an integration app, is downloadable for use on
Windows, Linux and Solaris servers. The run-time engine, called the
Jitterbit Integration Server, orchestrates integration processes,
receives and sends messages, connects to systems, records
activities, and validates, cleanses and transforms data. Using the
integration application, called Jitterbit Application, users can
configure, test, deploy and manage Jitterbit integration projects.
An organization can install Jitterbit Application on multiple user
computers for collaborative integration work, the company says.
Jitterbit is available in a Cloud version, for connecting data and
applications residing in different clouds; a Professional version,
for integrating between on-premises and cloud-based systems; and an
Enterprise version, which features additional management
capabilities.

How  much  it  costs:  Pricing  starts  at 
$10,000  per  year. 

Why it’s worth watching: The data integration challenge is among
the most pressing for enterprises using multiple cloud service
providers as well as looking to connect legacy and cloud systems,
says Julie Smith David, director of the Center for Advancing
Business through IT at Arizona State University. Jitterbit offers
point-and-click integration for CRM applications, databases, ERP
systems, major SaaS applications, project management applications
and XML. “Integration is a hot topic, and Jitterbit is trying to
fill the void,” says ThinkStrategies’ Kaplan.

Netuitive 

RESTON,  VA. 


What  it  offers:  Netuitive,  a  predictive 
analytics  platform  for  physical,  virtual  and 
cloud  infrastructure. 

How it works: A patented behavior-learning engine powers the
company’s predictive analytics platform. The engine continuously
analyzes, correlates and normalizes thousands of simultaneous
performance variables from dozens of enterprise subsystems, and
builds a behavior profile for each data stream that, the company
says, reflects “the unique rhythms and trends of each performance
metric — by the hour, month and season.” Monitoring the contextual
relationships between each performance metric, Netuitive applies
real-time analysis and correlation to identify statistically
significant anomalies and deliver actionable intelligence via
alerts and to dashboards.

How  much  it  costs:  Undisclosed. 

Why it’s worth watching: Netuitive has been beating the predictive
IT analytics drum for a number of years. Now as IT gets more
cloud-friendly and Netuitive’s platform more cloud-capable, the
company is gaining notice. Dell, for instance, recently integrated
the company’s predictive IT technology into its Virtual Integrated
System architecture for cloud management and Morgan Stanley awarded
Netuitive its prestigious IT Innovation Award for 2011. In the
latter case, Netuitive gained recognition for its role in a massive
private cloud — 130,000 virtual machines — build-out. The growing
interest in Netuitive signals that behavioral analysis is the next
major innovation for infrastructure and cloud management, says Rob
Illsley, an Ovum analyst, in a recent column.

New  Relic 

SAN  FRANCISCO,  CALIF. 


What it offers: Application performance management SaaS, with real
user monitoring (RUM).

How it works: Small, lightweight agents on production servers send
data about an application’s activity to New Relic’s data center for
instantaneous processing by analytics and reporting engines. From
the New Relic Web application dashboard, IT can customize views,
drill into slow transactions and get immediate insight from the end
user’s behavior down to the line of code, the company says. New
Relic handles performance monitoring for Java, .Net, PHP, Python
and Ruby Web applications.

How much it costs: Annual pricing for the standard, professional
and business editions are $24, $149 and $119 per month per server,
respectively.

Why it’s worth watching: Assuring end users have a great
application experience, no matter that the back-end servers run in
complex, highly dynamic cloud environments, can be a heavy burden
for modern IT operations. But if you are running applications
across a cloud infrastructure, using a cloud-based performance
management service can help, says 451 Group’s Callaghan.
“Ultimately the model of monitoring what’s running in the cloud
with what is itself running in the cloud is going to be easier,
more effective and more cost effective,” he says. “When you require
more resources based on performance, you can detect that and
automate the provisioning of new resources and respond.” The SaaS
model has worked well for IGN Entertainment, the pre-eminent gaming
site for guys, says David Ting, vice president of engineering at
the San Francisco company. Using New Relic has enabled the company
to diagnose and solve problems in record time.


Opscode 

SEATTLE 


What it offers: Opscode Chef, an open source systems integration framework; Opscode Private Chef, an on-premises cloud infrastructure automation hardware appliance; Opscode Hosted Chef, cloud infrastructure automation software delivered as a service.

How it works: A Ruby on Rails-based server provisioning tool, Opscode Chef allows infrastructure management via code. It relies on reusable, shareable Recipes and Cookbooks for describing and integrating infrastructure components behind the enterprise firewall or within the hosted Opscode cloud for accelerated deployment and configuration management and ready scalability.

How much it costs: Hosted Chef monthly pricing starts at $5 per managed server for 20 servers and scales up to $10 per server for 1,000 managed servers. Private Chef pricing starts at $80,000.

Why it’s worth watching: With application developers gravitating toward quick-and-easy cloud resources, IT organizations are adapting by building out internal cloud resources that will let them be as nimble as Amazon with its Elastic Compute Cloud (EC2). Opscode has a great value proposition for such IT operations, says Rachel Chalmers, an analyst with The 451 Group. “It has multi-tenancy and agility in its DNA, is responsive and lives and breathes DevOps so is already talking to and has the loyalty of the developers who hold the keys to the kingdom,” she says. Opscode can either host a solution or provide an appliance that lets IT operations get to rapid-scale provisioning. “All it does is rapidly spin up and document what it’s done so IT ends up with a set of Recipes and can participate in the community, sharing Recipes and best practices,” she adds. Chalmers says she’s quite bullish on Opsware, as well as a competitive approach from Puppet Labs.


Strangeloop Networks

VANCOUVER, B.C.


What it offers: Strangeloop Site Optimizer, software delivered via the cloud and providing scalable, on-demand optimization for cloud-based websites; also available as a hardware network device or virtual appliance.

How it works: Strangeloop Site Optimizer is an expert system that learns the resource usage patterns of a site and dynamically applies best practice coding techniques by rewriting pages, without requiring any source code modifications. It analyzes usage patterns and page content, and develops a dynamic repository of rules and cached resources. This technology can reduce the number of round trips required to render Web page content, execute client-side code in the most efficient order, preload resources that are likely to be needed for future requests, and tailor behavior to exploit the capabilities of the user’s browser, the company says.

How much it costs: Undisclosed.

Why it’s worth watching: IT organizations that want to run their Web operations from cloud infrastructure aren’t necessarily going to have the resources to devote to fine-tuning performance. Yet, they know that optimizing the site can help improve customer response time. Such was the case at Artbeads.com, an Internet-based bead and jewelry supplier, says Michael Hervieux, COO at the Gig Harbor, Wash., company. “We recognized our site could use optimization and speed boosting, but felt the cost to achieve that wasn’t justifiable given our sales and revenue,” he says. But with the SaaS model, site optimization became worth pursuing, Hervieux says. Artbeads.com conducted a trial of Strangeloop Site Optimizer on half its visitors and found that revenue per visitor and revenue per visit each jumped 8% for visitors who enjoyed the accelerated site experience. Now Artbeads.com runs all traffic through the Site Optimizer service, he says.

Strangeloop fine-tunes your website for peak performance.


Uptime  Software 

TORONTO 

What  it  offers:  UptimeCloud,  cloud  cost 
and  capacity  management  SaaS. 

How it works: Once an IT organization signs up for the service through the UptimeCloud portal, Uptime begins monitoring its cloud infrastructure. Initially available for cloud infrastructure from Amazon Web Services (AWS), UptimeCloud talks to the AWS open API, capturing pricing information in real time and feeding it into its rating and pricing engine, says Uptime CTO Alex Bewley. Uptime also applies historical data collection, trending and prediction functions.

How  much  it  costs:  Undisclosed  at  the 
time  of  this  writing. 

Why it’s worth watching: For many IT organizations, the cloud decision can be fraught with paralyzing uncertainties regarding the monthly infrastructure bill. Uptime aims to eliminate the mystery by providing visibility into how much cloud computing costs in real time, across applications, services, line of business, user location and instance. Uptime’s ability to correlate the performance of a cloud workload with how much it’s costing an organization is pretty innovative, says 451 Group’s Callaghan.

“This whole concept of ERP for IT is really going to take off.” ■
TREND ANALYSIS


Protecting  all  corp.  data  ‘no  longer  realistic’ 


BY ELLEN MESSMER

STEALTHY, SOMETIMES long-term cyber-espionage attacks to steal sensitive proprietary information — what some now call “advanced persistent threats” (APT) — have become a top worry for businesses.

Last week the Security for Business Innovation Council, a group of 16 security leaders from companies that include eBay, Coca-Cola Company, SAP, FedEx Corp., Johnson & Johnson and Northrop Grumman, summed up their thoughts on APT in a report, saying this type of attack is forcing IT to rethink network security. “Tackling advanced persistent threats means giving up the idea it’s possible to protect everything. This is no longer realistic.”

“Focusing on fortifying the perimeter is a losing battle,” bluntly states the report, which was published by RSA — itself the well-known victim of a successful APT attack. “Today’s organizations are inherently porous. Change the perspective to protecting data throughout the life cycle across the enterprise and the entire supply chain.”

The report adds: “The definition of a successful defense has to change from ‘keeping attacks out’ to ‘sometimes attackers are going to get in; detect them as early as possible and minimize the damage.’ Assume your organization might already be compromised and go from there.”

The focus, it says, now has to be on working with business managers to identify the “crown jewels” of the organization and protect these “core assets,” while “also moving away from a perimeter-centric view.”

Dave Cullinane, chief information security officer at eBay, says there’s no doubt that the APT problem is at the top of everyone’s list of concerns right now. Spear-phishing, which involves tricking an individual into opening an email with malware to gain control of a computer, is one way an attacker gains a foothold inside a network, as happened at RSA last spring. But Cullinane says there are insufficient protective anti-phishing products available.

“Adversaries know what works in spam filtering,” he points out. He says some companies, including banks, have devised their own custom-made defenses that combine email information with threat-monitoring tools like FireEye and Damballa.

Cyber-espionage  attacks  are  basically  an 
infiltration  that  could  come  from  nation-states, 
their  hired-hand  attackers  as  well  as  industrial 
competitors,  perpetrators  of  organized  crime, 
or  “hacktivists”  like  Anonymous. 

Last week, security researcher Joe Stewart, director of malware research at Dell SecureWorks, offered his own evidence that the March break-in at RSA, in which sensitive information related to SecurID was stolen, originated in mainland China.

Stewart says his conclusion is based on analysis of two malware components that were used to conceal the attack on RSA. The malware, called HTran, which was originally written by Chinese hackers, was found to leak error-message information showing specific network IP addresses at ISPs in China, where hackers likely directed stolen data. The report on this from SecureWorks notes that without the cooperation of the government of the People’s Republic of China, further attribution of the hacking activity is “difficult or impossible.”

Operation  Shady  Rat 

The possibility of a nation such as China engaged in large-scale cyber-espionage through APT attacks came up again last week. In a report entitled “Revealed: Operation Shady RAT,” McAfee says evidence it got from a server out on the Internet shows 72 businesses and government agencies, most in the U.S. but from several other countries as well, have suffered APT infiltrations since 2006. McAfee says the attacker is probably a “nation-state,” but it didn’t point to any particular country.

McAfee’s “Revealed: Operation Shady RAT” only names a few of the victims, including the World Anti-Doping Agency in Montreal, the Asian and Western national Olympic Committees, and the United Nations, along with the Association of Southeast Asian Nations.

Dmitri Alperovitch, vice president of threat research at McAfee labs, says McAfee has tried to reach those it believes were targeted based on the log evidence from the server it gained “legally” in March. “Some IP addresses are very clear, they’re the firewall of an organization,” Alperovitch says.

The intention of the McAfee report is to show that “someone is going to a tremendous amount of effort to compromise these computers,” he says. Alperovitch says the APT server in question is still in operation, and there are “hundreds if not thousands” of these servers designed to coordinate siphoning of sensitive data. The theft of intellectual property taking place represents a “massive transfer of wealth that is happening,” he says, as some infiltrator — probably a “nation-state” — tries to gain economic advantage by chipping away at the economic advantage others may have. ■


“Operation Shady RAT”

Some facts about the 72 compromised organizations McAfee identified as victims of targeted intrusions. McAfee's “Operation Shady RAT” identified the organizations by analyzing log data from a single server found on the Internet.

22 GOVERNMENT-FOCUSED

U.S. federal, state, county government agencies; Canada, India, South Korea, Vietnam, Taiwan, India; U.S. gov’t contractor; United Nations.

Electronics; computer security; information technology; satellite communications; news media; information services; communications technology.

DEFENSE CONTRACTORS

ECONOMICS, SPORTS, NON-PROFIT

International sport; trade; think tanks; international government/economics/trade; political non-profit; U.S. national security non-profit.

HEAVY INDUSTRY

Construction, steel industry, energy, solar power.

OTHER BUSINESS

Construction, steel industry, energy, solar power.
Freedom and privacy, R.I.P.


FREEDOM AND privacy, in any meaningful sense, are dead. I know, I know . . . I’ve written about this topic before but that was in the context of our “factual” privacy, which is about access to what you might think of as “static” data about you. Now we have to recognize the death of our “realtime” or “lifestream” privacy: the freedom to go about our business unobserved and anonymously.

Factual privacy is different from lifestream privacy. The former is about access to facts such as the color of your hair and eyes, your ethnicity, your height and weight, your income, your cholesterol level and so on. Those are all data points that create a snapshot of you.

Almost 10 years ago I wrote a Backspin column titled “The Paperwork of Freedom” in which I discussed my knee surgery and the endless medical forms I had to fill in over and over again.

My point was that, while digitizing medical records may be the way of the future, the sheer messiness of paperwork ensures it’s a lot harder for your “factual” privacy to be breached. Unfortunately we now know that all of our factual data, not just the medical stuff, is becoming digital whether we like it or not.

On  the  other  hand,  lifestream  privacy  involves  behavioral  data 
such  as  where  you  go  and  when,  what  you  look  at,  and  even  how  you 
respond;  it’s  more  like  a  movie  of  you.  Taken  to  its  extreme  it  also 
includes  who  you  talk  to,  telephone  and  email  with,  and  even  what  you 
talk  about.  A  lack  of  lifestream  privacy  makes  it  possible,  at  the  least, 
for  businesses  to  manipulate  you.  For  example,  consider  online  shops 
that  track  and  test  your  behavior. 

These stores “watch” where you linger, note what you look at, monitor for indications of interest, and then conclude, for example, from the shirts and pants you’ve looked at, that you like a particular shade of yellow and that you’re looking for casual clothing. As a result, when you visit the shoe department, the shop makes sure you see the yellow tennis shoes first.

How does that make you feel? In that scenario you would have factual privacy (at least, until you enter your credit card at checkout), so you would be effectively anonymous, but all the same you would have been measured and manipulated, possibly over multiple visits.

While  you  might  look  at  this  as  a  good  thing  (your  desires  and 
interests  are  being  addressed  far  more  efficiently),  you  also  need  to 
recognize  that  the  shop  will  use  the  intelligence  it’s  gained  about  your 
preferences  to  manipulate  you,  at  the  very  least  to  “up-sell”  you  related 
products  such  as,  for  example,  socks  in  colors  they  determine  might 
appeal  to  you. 

Similar  tracking  techniques  are  now  in  use  in  the  real  world,  and  the 
connection  of  your  factual  data  to  your  lifestream  data  on-  and  offline 
is  what  many  businesses  are  trying  to  do ...  until  they  get  caught,  which 
is  something  we’ll  discuss  next  week. 

Thomas Jefferson has often been quoted as saying, “The price of freedom is eternal vigilance.” Alas, you can be as vigilant as you please and still have to stand by and watch your freedom being chipped away, a piece at a time, until there’s nothing left. Which, it could be argued, is where we already are. Freedom and privacy, rest in pieces. ■

Gibbs  mourns  our  loss  in  Ventura,  Calif.  Your  condolences  to 
backspin@gibbs.com. 
If your neighbor built a fake Apple store


BY NOW you’ve probably seen all the stories out of China about the fake Apple stores. They got me wondering: What if my neighbor, Bob, was to tell me that he did in our little town what those Apple imitators did in their Chinese city? How might that conversation go?

“Hey,  Paul,  let’s  take  a  drive  and  go  look  at  my  new  Apple  store.” 

“You  built  an  Apple  store,  Bob?  I  didn’t  know  Apple  sold  franchise 
rights.” 

“Oh, I didn’t get any franchise rights. Just hired an architect, a construction company, and a crackerjack interior designer, who lucky for me had recently gotten out on parole. . . . Voila, Apple store.”

“Uhhh,  OK,  Bob ...” 

Two  thoughts  occur  next:  This  must  be  a  gag,  or  Bob’s  having  some 
kind  of  breakdown.  But  we  drive  to  his  Apple  store  —  which  looks 
absolutely  indistinguishable  from  your  standard  Apple  store. 

Bob  asks:  “What  do  you  think?” 

“What do I think? I think it’s one sweet Apple store, Bob.”

We  walk  inside.  The  store  wasn’t  open  for  business  yet,  but  Bob  had 
hired  a  staff  and  they  were  busy  stocking  shelves.  Now  I’m  thinking  I 
must  have  misunderstood  him  on  the  franchise  thing;  maybe  Apple  is 
going  that  route,  after  all. 

Right  then  he  elbows  me  in  the  ribs.  “Hey,  neighbor,  check  out  the 
circular  staircase.” 

“Says Apple store, all right. . . . But, Bob, I think I may have misheard you; you did ask Apple’s permission to do this, right?”

“Nope.”

“But you know Apple’s lawyers are going to be all over you before you can even get the store open.”

“Maybe.  The  staff’s  working  their  butts  off  and  I’m  thinking  we  might 
be  able  to  open  by  Monday.” 

“Building  permit,  how’d  you  get  a  building  permit?” 

“I  told  Town  Hall  it  was  going  to  be  an  Apple  store.  They  were  tickled; 
wanted  to  know  if  Steve  Jobs  would  be  at  the  opening.” 

Bob  has  clearly  lost  his  mind  and  doesn’t  have  a  clue  as  to  what  he’s 
gotten  himself  into. ...  I  take  a  stab  at  bringing  him  back  to  reality. 

“Never mind Apple’s lawyers, Bob, I’m thinking you may have broken a law or two here.”

“Thank-you,  Capt.  Obvious.  I’d  say  it’s  more  like  a  half-dozen.” 

“You  could  go  to  jail.” 

“Expect  as  much.” 

“Then  how  can  you  be  so  cavalier  about  all  of  this?” 

“Follow your dream, my man; build it and they will come. This is an Apple store, not a Ponzi scheme. The press will eat it up; the public will make me out to be some kind of hero; and, what fanboy hasn’t fantasized about owning his own Apple store?”

“But  what  happens  to  your  store  if  you  go  away?” 

“Apple  will  buy  it.  The  publicity  will  be  priceless.  And  I  didn’t  skimp; 
this  is  a  real-deal  Apple  store.” 

Crazy, yes. Crazy like a fox. As we drove home, I had one more question: “Bob, if you do open the store on Monday, do you think you can swing me one of those employee discounts on a new iPhone?”

“Oh,  sure,  I  could  do  that . . .  but  it  would  be  wrong.”  ■ 

Any  advice  for  Bob?  The  address  is  buzz@nww.com. 